#!/bin/sh
nic #
 iptables -t nat -F
nic #
 iptables -F
nic #
 # NAT
nic #
 iptables -t nat -A POSTROUTING --source 192.1.3.0/24 --destination 0.0.0.0/0 -j SNAT --to-source 192.1.2.254
nic #
 # make sure that we never acidentially let ESP through.
nic #
nic #
nic #
nic #
 iptables -I FORWARD 1 --proto 50 -j DROP
nic #
 #iptables -I FORWARD 2 --destination 192.0.2.0/24 -j DROP
nic #
 #iptables -I FORWARD 3 --source 192.0.2.0/24 -j DROP
nic #
 # route
nic #
 #iptables -I INPUT 1 --destination 192.0.2.0/24 -j DROP
nic #
 # Display the table, so we know it is correct.
nic #
 iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
SNAT       all  --  192.1.3.0/24         0.0.0.0/0            to:192.1.2.254
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
nic #
 iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DROP    esp  --  0.0.0.0/0            0.0.0.0/0           
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
Chain DROP (1 references)
target     prot opt source               destination         
LOG        all  --  0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4
DROP       all  --  0.0.0.0/0            0.0.0.0/0           
nic #
 echo done.
done.

